Commits · 7cea05dcc7f6f74a18d48102008d53ea9a42c297 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Oct 03, 2016

Move init of the WPACKET into write_state_machine() · 7cea05dc

Matt Caswell authored Sep 29, 2016



Instead of initialising, finishing and cleaning up the WPACKET in every
message construction function, we should do it once in
write_state_machine().

Reviewed-by: Rich Salz <rsalz@openssl.org>

7cea05dc

Oct 02, 2016

Remove untrue comment. · b7c9aa64
Ben Laurie authored Oct 01, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
b7c9aa64
Make dependencies if Makefile is new. · d423c5ad
Ben Laurie authored Oct 01, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
d423c5ad

Rename ssl_set_handshake_header2() · a29fa98c

Matt Caswell authored Sep 29, 2016

ssl_set_handshake_header2() was only ever a temporary name while we had
to have ssl_set_handshake_header() for code that hadn't been converted to
WPACKET yet. No code remains that needed that so we can rename it.

Reviewed-by: Rich Salz <rsalz@openssl.org>

a29fa98c

Remove ssl_set_handshake_header() · e2726ce6

Matt Caswell authored Sep 29, 2016



Remove the old ssl_set_handshake_header() implementations. Later we will
rename ssl_set_handshake_header2() to ssl_set_handshake_header().

Reviewed-by: Rich Salz <rsalz@openssl.org>

e2726ce6

Remove the tls12_get_sigandhash_old() function · 42cde22f

Matt Caswell authored Sep 29, 2016



This is no longer needed now that all messages use WPACKET

Reviewed-by: Rich Salz <rsalz@openssl.org>

42cde22f

fix memory leak · bcaad809
Dr. Stephen Henson authored Oct 02, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
bcaad809
Don't use DES when disabled. · c1eba83f
Ben Laurie authored Oct 02, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
c1eba83f

Oct 01, 2016

fix memory leak · eb67172a
Dr. Stephen Henson authored Oct 01, 2016
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
eb67172a
Add SRP test vectors from RFC5054 · 198d8059
Dr. Stephen Henson authored Sep 29, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
198d8059

SRP code tidy. · 8f332ac9

Dr. Stephen Henson authored Sep 29, 2016



Tidy up srp_Calc_k and SRP_Calc_u by making them a special case of
srp_Calc_xy which performs SHA1(PAD(x) | PAD(y)).

This addresses an OCAP Audit issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>

8f332ac9

Sep 29, 2016

Convert NewSessionTicket construction to WPACKET · a00d75e1
Matt Caswell authored Sep 29, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
a00d75e1

Fix an error in packet_locl.h · b36017fe

Matt Caswell authored Sep 29, 2016



A convenience macro was using the wrong underlying function.

Reviewed-by: Rich Salz <rsalz@openssl.org>

b36017fe

Convert CertStatus message construction to WPACKET · cc59ad10
Matt Caswell authored Sep 29, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
cc59ad10

Fix mis-named macro in packet_locl.h · f308416e

Matt Caswell authored Sep 29, 2016



A couple of the WPACKET_sub_memcpy* macros were mis-named.

Reviewed-by: Rich Salz <rsalz@openssl.org>

f308416e

Convert SeverDone construction to WPACKET · 4346a8fa
Matt Caswell authored Sep 29, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
4346a8fa
make update · b1b4f0a5
Dr. Stephen Henson authored Sep 28, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
b1b4f0a5

Print <ABSENT> if a STACK is NULL. · 73a9f60d

Dr. Stephen Henson authored Sep 28, 2016



If a STACK (corresponding to SEQUENCE OF or SET OF) is NULL then the
field is absent as opposed to empty (present but has zero elements).

Reviewed-by: Rich Salz <rsalz@openssl.org>

73a9f60d

add item list support to d2i_test · adffae15
Dr. Stephen Henson authored Sep 28, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
adffae15
ASN1_ITEM should use type name not structure name. · 2171a071
Dr. Stephen Henson authored Sep 27, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
2171a071
Add -item option to asn1parse · 5fb10059
Dr. Stephen Henson authored Sep 27, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
5fb10059
Add ASN1_ITEM lookup and enumerate functions. · 56501ebd
Dr. Stephen Henson authored Sep 27, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
56501ebd
Fix missing NULL checks in NewSessionTicket construction · 83ae4661
Matt Caswell authored Sep 29, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
83ae4661
Fix an mis-matched function code so that "make update" doesn't fail · e4e1aa90
Matt Caswell authored Sep 29, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
e4e1aa90
Add an example of usage to the WPACKET_reserve_bytes() documentation · 0023baff
Matt Caswell authored Sep 29, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
0023baff
Address style feedback comments · ff819477
Matt Caswell authored Sep 29, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
ff819477

Fix a bug in CKE construction for PSK · 4a424545

Matt Caswell authored Sep 29, 2016

In plain PSK we don't need to do anymore construction after the preamble.
We weren't detecting this case and treating it as an unknown cipher.

Reviewed-by: Rich Salz <rsalz@openssl.org>

4a424545

Convert ServerKeyExchange construction to WPACKET · c13d2a5b
Matt Caswell authored Sep 29, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
c13d2a5b

Add the WPACKET_reserve_bytes() function · 1ff84340

Matt Caswell authored Sep 29, 2016



WPACKET_allocate_bytes() requires you to know the size of the data you
are allocating for, before you create it. Sometimes this isn't the case,
for example we know the maximum size that a signature will be before we
create it, but not the actual size. WPACKET_reserve_bytes() enables us to
reserve bytes in the WPACKET, but not count them as written yet. We then
subsequently need to acall WPACKET_allocate_bytes to actually count them as
written.

Reviewed-by: Rich Salz <rsalz@openssl.org>

1ff84340

Remove tls12_copy_sigalgs_old() · ac8cc3ef

Matt Caswell authored Sep 29, 2016



This was a temporary function needed during the conversion to WPACKET. All
callers have now been converted to the new way of doing this so this
function is no longer required.

Reviewed-by: Rich Salz <rsalz@openssl.org>

ac8cc3ef

Convert CertificateRequest construction to WPACKET · 28ff8ef3
Matt Caswell authored Sep 29, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
28ff8ef3

Address style feedback comments · 25849a8f

Matt Caswell authored Sep 29, 2016



Merge declarations of same type together.

Reviewed-by: Rich Salz <rsalz@openssl.org>

25849a8f

Fix a bug in the construction of the ClienHello SRTP extension · 7facdbd6
Matt Caswell authored Sep 28, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
7facdbd6
Fix heartbeat compilation error · 7507e73d
Matt Caswell authored Sep 28, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
7507e73d

Delete some unneeded code · 150e2985

Matt Caswell authored Sep 28, 2016



Some functions were being called from both code that used WPACKETs and code
that did not. Now that more code has been converted to use WPACKETs some of
that duplication can be removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>

150e2985

Convert ServerHello construction to WPACKET · 8157d44b
Matt Caswell authored Sep 28, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
8157d44b

Fix an Uninit read in DTLS · 2f2d6e3e

Matt Caswell authored Sep 28, 2016



If we have a handshake fragment waiting then dtls1_read_bytes() was not
correctly setting the value of recvd_type, leading to an uninit read.

Reviewed-by: Rich Salz <rsalz@openssl.org>

2f2d6e3e

Fix no-dtls · 55386bef

Matt Caswell authored Sep 28, 2016



The new large message test in sslapitest needs OPENSSL_NO_DTLS guards

Reviewed-by: Richard Levitte <levitte@openssl.org>

55386bef

Sep 28, 2016

apps/apps.c: initialize and de-initialize engine around key loading · 49e476a5

Richard Levitte authored Sep 28, 2016



Before loading a key from an engine, it may need to be initialized.
When done loading the key, we must de-initialize the engine.
(if the engine is already initialized somehow, only the reference
counter will be incremented then decremented)

Reviewed-by: Stephen Henson <steve@openssl.org>

49e476a5

Revert "Call ENGINE_init() before trying to use keys from engine" · 56e36bda

Rich Salz authored Sep 28, 2016

This reverts commit 0a720029

.
This fails to call ENGINE_finish; an alternate fix is forthcoming.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

56e36bda